Back to article
Adobe Flash Cookies: Yes They Are Dangerous, and More Cool Linux Hacks
What Happens When You Disable Flash Cookies
March 30, 2009
Hopefully this is my last word on Adobe Flash cookies (the correct name is Local Shared Objects) for awhile, because I'm getting tired of the subject. But several readers sent me some useful comments and hacks that seemed worth sharing, so here they are.
Some good questions are "Are Flash cookies dangerous? What happens when you disable them completely, do you lose any important functionality?" Let's answer the second one first. Blocking Flash cookies completely shouldn't disable any Flash-enabled sites that you visit, though if you find one that refuses to work without LSOs you might ponder how badly you really want to visit such a site. You will lose some personalization on sites that use LSOs to save your personal settings: game scores, volume levels, keeping track of which dialog boxes you've already seen, saving playlists or queue, saving logins, and other personalized settings and data. If you have been encountering mysterious behavior on Flash-enabled sites that you like to visit, such as volume settings not related to your system volume settings, or saved playlists or logins even when you routinely delete HTTP cookies, most likely this is why.
Are Flash Cookies Dangerous?
Of course they are-- to your privacy and personal data security. As increasing numbers of Web surfers understandably object to being cyber-stalked by marketers, and their personal data used and abused in all kinds of ways without their knowledge or consent, they take extra steps to foil HTTP cookie abuse by blocking and deleting the little buggers. Flash cookies are used in deliberately sneaky ways to get around this. You can't always tell when a site is Flash-enabled, because Flash elements can be embedded invisibly.
"It's important to understand that even though this settings panel is part of Adobe Flash Player, the information will be used by an application created by a third party. Adobe assumes no responsibility for third-party privacy policies, actions of third-party companies in storing information on your computer, or such companies' use of such data or information."
Adobe's LSO manager lets you deny and allow Flash cookies on a per-site basis. You can also use it to disable third-party Flash cookies, which just like HTTP cookies are the worst offenders. Assuming you trust Adobe, which I don't, though you can easily verify that the manager is doing its job by simply looking in the relevant directories on your computer. (~/.macromedia on Linux.)
Another worry is Adobe's Flash player is closed-source, so there is no way to inspect the source code to see what is really going on, or to perform security audits. For years the Flash player was considered to be safe from being exploited in malicious ways, but this belief has been shot to heck as several exploits have appeared in recent times.
Running Adblock Plus and NoScript on Firefox (and any other browsers that support them, or that have similar features) are also helpful for keeping nasties off your system.